178 matches found
CVE-2026-57429
CVE-2026-57429 is associated with the WordPress plugin Slim SEO (versions ≤ 4.6.2). The vulnerability is described as Broken Access Control in the available connected documents (Patchstack listing and CVE records). Public details in the connected sources confirm the affected software/component an...
EUVD-2026-36960
Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...
CVE-2026-42655 WordPress Best Payments Plugin for WP plugin <= 4.6.19 - Payment Bypass vulnerability
Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP = 4.6.19 versions...
EUVD-2026-36742
Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...
CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...
CVE-2026-52778
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...
CVE-2026-41497
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...
CVE-2025-32751
Dell PowerFlex Manager, versions =4.6.2, contains an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information...
CVE-2025-32747
Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
EUVD-2026-28639
PraisonAI MCP tools/call path-traversal = RCE via Python .pth injection...
CVE-2026-44339
Summary: A vulnerability in PraisonAI’s tool resolution allows undeclared main callables to be invoked through tool-call name manipulation. Prior to versions 4.6.37 (PraisonAI) and 1.6.37 (PraisonAIagents), unresolved tool names were resolved against module globals and main when the declared tool...
CVE-2026-44338
PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...
CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...
EUVD-2026-28595
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...
CVE-2026-41497 Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...
PT-2026-39003
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.34 Description The Model Context Protocol MCP server in PraisonAI contains a path traversal flaw in its file-handling tools. The server registers four tools by default: 'praisonai.rules.create',...
EUVD-2026-28312
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...
PT-2026-39005
Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.5.6 through 4.6.33 Description PraisonAI ships a legacy Flask API server that has authentication disabled by default due to hard-coded AUTH ENABLED = False and AUTH TOKEN = None variables in the api server.py file. This...
CVE-2026-6525
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4...
EUVD-2026-26462
RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...